Robert,
Event 673 is the Service Ticket Request event (for more info see the event
resource below or Kerb Authn Tech Ref Tools & Settings). Looks like you have
a failure code 0xD - KDC_ERR_BADOPTION: KDC cannot accommodate requested
option (See TS Kerb Err WP for details). This is an error that typically
does not cause you any problems since if the TGT is about to expire your
system will request a new one. However, if you are trying to use constrained
delegation in Windows 2000 then you should rethink your scenario since
Windows 2000 does not support constrained delegation. If you want
constrained delegation then you need to use Windows Server 2003 Active
Directory (domain).
Does that answer your question?
Resources:
Kerberos Authentication in Windows Server 2003 web page has lots of Kerberos
Authentication resources:
http://www.microsoft.com/kerberos
Troubleshooting Kerberos Errors whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
Our resource Windows Server 2003 Events and Errors is off the TechNet Menu
under Troubleshooting & Support as the Events and Errors Message Center. It
has the following URL:
http://www.microsoft.com/technet/su...ows Operating System&MajorMinor=5.2&LCID=1033
Below is the entry for your error:
http://www.microsoft.com/technet/su...indows+Operating+System&LCID=1033&ProdVer=5.2
--
Michiko Short [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
Robert J said:
We have 2 2003 domain controllers, both are recording a logon failure, id
673
with the following data
User: NT Authority/system
service name: host/myserver.domain name
Ticket options 0X40830000
Client address 127.0.0.1
Failure code 0XD
I haven't found any help in the knowledge base. Any help would be
appreciated.
Thanks, Robert
